Skip to main content

API Authentication

Flow

Description:

  • Merchant calls API to get JWT Token.
  • Baokim authenticates merchant based on direct integration with Baokim:
    • If Master integrates → use Master Merchant authentication credentials.
    • If Sub integrates → use Sub Merchant authentication credentials.

API Information

Method: POST URL: /b2b/auth-service/api/oauth/get-token

Request

(Parameters sent by merchant)

Main Parameters Table

No.Field NameData TypeRequiredDescription
1merchant_codeString(50)Merchant code by Baokim
2client_idString(50)Client ID by Baokim
3client_secretString(50)Client Secret by Baokim

Request Example

{
"merchant_code": "BAOKIMMRC",
"client_id": "BAOKIMMRC",
"client_secret": "iOiJKV1QiLCJhbGciOiJIUzI1NiJ9"
}

Response

(Parameters Baokim returns)

Main Parameters Table

No.Field NameData TypeRequiredDescription
1codeNumber(3)Baokim error code
2messageString(200)Error message
3dataObjectData Baokim returns

Data Information

No.Field NameData TypeRequiredDescription
1access_tokenStringJWT Token string
2token_typeStringToken type (bearer)
3expired_atDateTimeToken expiration time

Response Example

{
"code": 100,
"message": "Successfully",
"data": {
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjkyOTIvYXBpL2IyYl9hdXRoL2xvZ2luIiwiaWF0IjoxNzA2MDgwODU1LCJleHAiOjE3MDYwODQ0NTUsIm5iZiI6MTcwNjA4MDg1NSwianRpIjoiV0FUWnpJZTB3d0NuU1dpNSIsInN1YiI6IjEiLCJwcnYiOiIyM2JkNWM4OTQ5ZjYwMGFkYjM5ZTcwMWM0MDA4NzJkYjdhNTk3NmY3IiwibWVyY2hhbnRfaW5mbyI6eyJjb2RlIjoiYWJjIn0sInNjb3BlcyI6W3siYWN0aW9uIjoiR0VUIiwidXJpIjoiYWJjLmNvbSJ9LHsiYWN0aW9uIjoiUE9TVCIsInVyaSI6Inh5ei5jb20ifV19.aRfdvwFz8CDiBqHoCG8IGfPC0bO4vhXRvY76dupRx9k",
"token_type": "bearer",
"expired_at": "2025-10-30 14:41:00"
}
}

Error Code

Error CodeDescription
100Success
11Failed
101Baokim system error
104OAuth authentication error
105Invalid digital signature
301Order not found by order_code
302Card issue (does not exist, expired)
303Card declined
304Insufficient card balance
305User cancelled transaction
306Incorrect OTP
308Transaction has not completed Authentication
309Transaction has not completed Authorization
310Transaction already reversed, cannot capture
311Transaction already captured, cannot reverse
313Bank-side processing error
422Validation error: RequestId invalid
422Validation error: RequestTime invalid
422Validation error: PartnerCode invalid
422Card_data invalid
422Amount invalid